Showing posts with label Bug. Show all posts

Thursday, January 2, 2014

Logical bug on Facebook group

Hi,
I would like to share one of the logical bugs in Facebook groups. The bug I found was too simple to exploit but it had a great impact.

[#] Title: Logical bug on Facebook group.
[#] Worth: $2000 USD
[#] Status: Fixed
[#] Severity : I don’t know :p
[#] Author: Manjesh S
[#] Twitter: @Manjesh24

Description:
If you are the admin of the group, you can remove users, add users, edit/delete posts, etc.
But if you make an attacker an admin, then he also gets the same admin rights. The problem is you cannot remove the attacker from the group using this bug.

Thursday, July 18, 2013

Critical Facebook vulnerability could have made it easy to hack accounts [VIDEO]

A critical vulnerability was recently found in Facebook that could allow an attacker to hijack, and take control over, accounts on the social network.

No, not the one that required the attacker to just send a single SMS text message. This is a *different* vulnerability that can lead to a complete Facebook account takeover.

This latest security hole was discovered by vulnerability researcher Dan Melamed.
Melamed discovered that a security weakness existed in Facebook’s handling of accounts which have multiple email addresses associated with them.


Thursday, July 11, 2013

How to find the primary email address of any Facebook user. Privacy bug squashed

When you sign up for a social network you expect it to keep its privacy promises. For instance, if you tell the social network not to reveal your email address to any other members, you expect it to remain private.

But a security researcher has detailed how he found a way to find out *any* Facebook user’s primary email address, regardless of their privacy settings, by exploiting a weakness on the social network.
Security researcher Stephen Sclafani described how he stumbled across the privacy hole while ambling through some old mailing lists.


Wednesday, December 5, 2012

Bug Bounty – Does PayPal play fair?

A bug bounty is a program in which participants look for security vulnerabilities, report them to the organizer, and receive a reward. The vulnerabilities found are disclosed exclusively to the organizer.
Many well-known websites such as Facebook, Google, PayPal, Mozilla, and Barracuda Networks spend thousands of USD on rewards for hackers who find bugs.

Friday, November 30, 2012

XSS Tutorial - From Bug to Vulnerability

XSS Tutorial - From Bug to Vulnerability | Juno_okyo's Blog

__________ -:: Introduction ::- ____________

What is XSS and what does it refer to?
XSS, aka Cross Site Scripting, is a client-side attack where an attacker creates a malicious link
containing script code which is then executed within the victim's browser. The script code
can be in any language supported by the browser, but mostly HTML and JavaScript are used, along
with embedded Flash, Java or ActiveX.